From a549457461874157c8c8e8e8a6e0eec06da4fbd0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= Date: Tue, 24 Nov 2020 10:30:20 +0000 Subject: [PATCH] CVE-2020-25713 raptor2: malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common See: https://bugs.mageia.org/show_bug.cgi?id=27605 https://www.openwall.com/lists/oss-security/2020/11/13/1 https://gerrit.libreoffice.org/c/core/+/106249 --- src/raptor_xml_writer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/raptor_xml_writer.c b/src/raptor_xml_writer.c index 56993dc3..4426d38c 100644 --- a/src/raptor_xml_writer.c +++ b/src/raptor_xml_writer.c @@ -227,7 +227,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer, /* check it wasn't an earlier declaration too */ for(j = 0; j < nspace_declarations_count; j++) - if(nspace_declarations[j].nspace == element->attributes[j]->nspace) { + if(nspace_declarations[j].nspace == element->attributes[i]->nspace) { declare_me = 0; break; } -- 2.28.0